Operational security for Tor people
Random notes
There is currently no such thing as "how Tor does it".
Use a password manager.
Hardware mods:
- Desolder the microphone.
- Remove the cell phone modem PCI card.
- Remove the antena.
Still an issue on some laptops: Intel AMT. Kinda embedded rootkit. Not many way to remove it.
TrekStor USB stick looks like they have a working write protected switch.
"Nemesis inside" talk at CCCongress about Embedded Controller backdoors.
Use crypto tokens.
How to get Moritz report? How to work on server security and relays?
How to train 3rd parties? Organisational measures to better reflect the changes in our security culture.